Motivation
I've been playing around with azure a fair bit recenty and I wanted to deploy a docker container for some long-running tasks. I've done this before but I wanted to document the process for future reference.
Updated 1 May with additional information on how to integrate with Github
Create the Registry
create-container
az group create --name <nameOfResourceGroup> --location <location>
Try to pick a location that is close to you. This way, you'll have lower
latency. I chose southeastasia because I'm in Singapore.
Next, you'll need to then create a registry. This will store all your docker images that you wish to work .
create-registry
az acr create --resource-group schulz --name <nameOfRegistry> --sku Basic
You'll get a massive JSON file that'll be output to your server. Make sure to look through it and save two values
response.json
{
//...
loginServer: <Where your registry resides>,
//...
}
Next, you'll want to login to your az registry. You can do so by running the following command
az acr login --name <nameOfRegistry>If it's successfull, you should get the following response that looks something like this
(venv) ➜ filesplitter git:(main) ✗ az acr login --name <nameOfRegistry>
Login SucceededLastly, enable your admin user on the registry
az acr update -n <nameOfRegistry> --admin-enabled trueTag Your Image
You can see a list of images that you have locally with docker using
docker imagesThis will in turn give you a list of images that you have locally.
REPOSITORY TAG IMAGE ID CREATED SIZE
<nameOfImage> latest 628f83ffe348 26 minutes ago 1.35GBYou'll want to tag the image that you want to push to your registry. You can do so by running the following command
docker tag <nameOfImage> <loginServer>/<nameOfImage>:v1Your image will then be identified with the tag of <loginServer>/<nameOfImage>:v1.
Note that the name of the local image does not need to match the name of the image on the registry.
You can then verify that your image has been pushed to the registry you created by running the command
az acr repository list --name <nameOfRegistry> --output tablewhich should in turn give you the output as
Result
-------------
<nameOfImage>Deploying your image
Let's do a quick recap of what we've done
- We've succesfully created a new registry to house our docker image
- We've tagged our image and pushed it to the registry
amd now all that's left is to tell azure that we want to deploy our image. We can do so with the following command
deploy-container
az container create --resourceGroup <nameOfResourceGroup> --name <nameOfContainer> --image <imageTag> --dns-name-label <nameOfContainer> --ports <port you want to expose> --registry-username <nameOfRegistry> --registry-password <passwordOfRegistry> --environment-variables <any environment variables you might want to expose>If you have an .env file which looks like this
env1=value1
env2=value2Now just run the command and you're good to go!.
you should pass in the environment variables as 'env1'='value1' 'env2=value2'. Note that you'll need to wrap the environment variables in single quotes.
Bonus Steps - Github Actions
While optional, I highly recommend automating the release steps of your new docker container. This way you'll be able to just push and get everything set up without scrambling for your terminal.
On a high level, what we need to do is
- Create a new user with credentials to push to your azure container registry
- Create a new github action that will build and push your docker image to your registry
- Profit
Step 1 : Creating Credentials
We can connect your github repository to your azure container registry. This way, whenever you push to your repository, it'll automatically build and deploy your container to your registry.
First, we'll need to create a new set of credentials for our github runner. We can do so by running the command
az group show \
--name <nameOfResourceGroup> \
--query id --output tsvThis should return a group Id as
/subscriptions/a-b-c-d-e/resourceGroups/nameOfResourceGroupaz ad sp create-for-rbac \
--scope /subscriptions/a-b-c-d-e/resourceGroups/nameOfResourceGroup \
--role Contributor \
--sdk-authThis should give you a output similar to
{
"clientId": "xxxx6ddc-xxxx-xxxx-xxx-ef78a99dxxxx",
"clientSecret": "xxxx79dc-xxxx-xxxx-xxxx-aaaaaec5xxxx",
"subscriptionId": "xxxx251c-xxxx-xxxx-xxxx-bf99a306xxxx",
"tenantId": "xxxx88bf-xxxx-xxxx-xxxx-2d7cd011xxxx",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}You'll want to save this JSON output and keep it for a later step. Take note especially of clientId
Next, you'll need to give the service principal acccess to your azure container registry. You can do so by running the following command
registryId=$(az acr show \
--name <registry-name> \
--resource-group <resource-group-name> \
--query id --output tsv)az role assignment create \
--assignee <ClientId> \
--scope $registryId \
--role AcrPushStep 2 : Creating Github Action
Here is the github action that I am currently using to deploy my containers
deploy.yml
name: Azure Docker Container Deployment
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: "Login via Azure CLI"
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: "Build and push image"
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- run: |
docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/${{secrets.IMAGE_NAME}}:${{ github.sha }}
docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/${{secrets.IMAGE_NAME}}:${{ github.sha }}
- name: "Deploy to Azure Container Instances"
uses: "azure/aci-deploy@v1"
with:
resource-group: ${{ secrets.RESOURCE_GROUP }}
dns-name-label: ${{ secrets.RESOURCE_GROUP }}${{ github.run_number }}
image:
${{ secrets.REGISTRY_LOGIN_SERVER }}/${{secrets.IMAGE_NAME}}:${{
github.sha }}
registry-login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
registry-username: ${{ secrets.REGISTRY_USERNAME }}
registry-password: ${{ secrets.REGISTRY_PASSWORD }}
name: ${{secrets.DEPLOYMENT_NAME}}
location: "southeastasia"
secure-environment-variables: |
key1 = ${{secrests.key1}}
key2 = ${{secrests.key2}}You'll need to log into azure to get some of these credentials. Simply go to Home > Container Registries > Name Of Registry > Access Keys. You should see a screen like what I've linked below.
Here are some of the important variables to take note of which you should set in your github pipeline secrets.
AZURE_CREDENTIALS: This is the JSON output from the previous stepREGISTRY_LOGIN_SERVER: This is the login server of your registry. You can find this by running the commandaz acr show --name <nameOfRegistry> --query loginServer --output tsvREGISTRY_USERNAME: This corresponds to the UserName field in the image aboveREGISTRY_PASSWORD: Just choose either one of the passwords in the image above inpasswordandpassword2fieldsIMAGE_NAME: This is the name of your image. For example, if your image ismyImage:latest, then you'll want to putmyImagehere. This way you get a consistent valueRESOURCE_GROUP: This is the name of your resource group
With this, you should be able to simply deploy and push your container to your registry by pushing to your repository by creating a file with the path of .github/workflows/deploy.yml.
Enjoy!